Menu

open ssh

As promising as System Center Orchestrator is with all the Integration Packs that are being developed every day, there still are some gaps to fill to be able to compete in specific scenarios in the real world.

One of these gaps that needs to be filled is automating SSH, Telnet, and Batch scripts.

Background

System Center Orchestrator ships with an activity called “Run SSH Command”, which is great for executing a single command, or a script file to a Unix/Linux machine. While this is great for executing straight forward commands and scripts, it lacks the ability to interact with the shell and maybe execute different options or commands based on how this script actually goes. Or maybe, the script is expected to ask for a username and password to connect to a FTP server, how then would you supply these inputs, without actually changing the script itself?

Other technologies, like for example HP’s Operations Orchestration, has introduced the use of what is known as “Expect Scripts”, which would simply guide the shell into sending different commands once it has recognized certain text or regular expression in the StdOut of the shell.

This expect script for example would reply to a couple of prompts asking the user for first and last name within the script.

While the “Expect Script” methodology is not very well documented, it is available in many incarnations, one of which exists as a feature in a tool called “ActiveTcl”.

ActiveTcl is a “Tool Command Language”, which is some sort of a scripting language that is dedicated to controlling and commanding other tools. While Tcl as a concept is a little beyond the scope of this article, we must understand some basic concepts about the role Tcl plays in our little scenario.

So bear with me a little longer with this introduction, it will make things easier afterwards.

Behind the scenes, System Center Orchestrator user plink (PuTTY) to execute SSH Commands using the “Run SSH Command” activity, so we will do the same, since PuTTY is a very dependable SSH/Telnet client, you could use any incarnation of OpenSSH if you prefer.

However, in order to add the “Expect Script” functionality to our flows, we will not directly call (PuTTY) from our workflows. Instead, we will call Tcl and instruct it to call PuTTY with the required command and parameters.

PuTTY (must be the installer version to make sure you have installed plink as well)

Bitvise WinSSHD In case you do not have a Unix/Linux machine to test with, you can use this virtual SSH server on any windows machine.

Known Limitations

SSH/Telnet passwords will be sent and saved in clear text unless you specify a key file for authentication

This scenario has not been tested for a highly available Orchestrator implementation, but in order for it to work, all temp files must be saved in a shared location, and all the prerequisite tools must be installed with same configuration on all Runbook servers.

If your Orchestrator machine is behind a proxy or cannot reach the internet (which is required to install the “Expect” functionality within ActiveTcl), please install version 8.4.x of ActiveTcl then on top of it install the latest version, as version 8.4.x ships with “Expect” functionality pre-installed (make sure you select “Merge repository” option with installing 8.6.x on top of 8.4.x).

For some reason, ActiveTcl does not play nicely with Windows Server 2012, it always fails recognize the text that it is expecting, so it times out and moves to the next command. I have only got it to work with Windows Server 2008 R2. Maybe we can check out other incarnations of Expect like DejaGNU.

The “Run Program” Activity used to run the script, does not produce the StdOut for the script. I think this is because “Run Program” depends on psexec which does not have this ability. We need to research other ways of kicking of the command from Orchestrator.

Download ActiveTcl and start the installed, it is your typical ‘next, next, finish’. (Make sure you run the installer as Administrator, and keep the defaults)

Installing ActiveTcl:

Download ActiveTcl and start the installed, it is your typical ‘next, next, finish’. (Make sure you run the installer as Administrator, and keep the defaults)

Once you’re done. you can find Tcl in the C:\Tcl directory on your Runbook server, now navigate to C:\Tcl\bin and open “tclsh.exe”

This will open a command-line like utility, which the Tcl Command Line Interpreter. now to install the “Expect” package, type “teacup install Expect”

If you happen to be behind a proxy server on your Runbook server, you can specify proxy information using the “teacup” tool, or install version 8.4.x of ActiveTcl then on top of it install the latest version, as version 8.4.x ships with “Expect” functionality pre-installed (make sure you select “Merge repository” option with installing 8.6.x on top of 8.4.x).

After you are done, to verify that Expect is properly installed type “package require Expect”, you should get the current version number if Expect.

Now, once you are done, navigate to C:\Program Files (x86)\PuTTY to copy plink.exe and paste it to C:\Tcl\bin, this will eliminate the need for us to add “C:\Program Files (x86)\PuTTY” to the “PATH” environment variable.

Scenario

Now, let us get started with the actual runbook authoring. We want to create something with the following logic:

“Construct TCL File” will write a TCL file to disk, the contents of that file, will instruct ActiveTcl to execute a new process of PuTTY with specific parameters, and run the Expect sequence on it.

The contents of the TCL file are written in Tcl language, which is not our concern at the moment, however you may find everything you need to know about it at C:\Tcl\doc, the file should look something like this:

After the file has been written to disk, we will use ActiveTcl’s tclsh.exe to execute the file, this will spawn the PuTTY terminal and execute the command and the expect sequence in the background.

Runbook Design

Now, let us get started with the runbook design in Orchestrator. And create the following directory tree in Runbook Designer.

Now right click the folder “0.Construct Tcl File” and select “New > Runbook”. Rename the runbook to “Construct Tcl File”. This runbook will simply use a default Tcl file that we will prepare, and copy it for our specific use. It will then replace a placeholder for the expect script with the Expect Script given to it as input .

Right click the runbook tab and choose properties to open the runbook properties. Go to the “Returned Data” tab and add a new output value for this runbook as follows:

Drag and drop the following 4 Activities in the runbook area:

Initialize Data

Copy File

Search and Replace Text

Return Data

And here are the properties of these activities in sequence for you to replicate:

Initialize Data:

Copy File:

Note that i have created variables called:

default tcl file path

default tcl path

Which are currently set to:

Search And Replace Text:

Return Data:

Now for all this to work, we need to have the file “C:\Tcl\scorch\default.tcl” in place, so go ahead and navigate to “C:\Tcl\” and create a directory called “scorch” which we will use to save our files. Create a new text file and rename it default.tcl with the following contents:

Note the “${expect}” at the bottom of the file, this value will be replaced by our “Search And Replace Text” activity with the input “Expect Scripts” value from “Initialize Data”.
I am aware that the Initialize Data” activity will not allow you to input multi-line text for any of its inputs, however we can always separate our expect script using semicolons, or have it read from another file altogether, or you can actually use a Run .Net Activity which will enable you to edit the file in multi-line text… It is really up to you how you want to approach this. I like this way because it enables me to create a re-usable flow that i can just invoke with different parameters each time. The hassle of writing the expect script doesn’t bother me so much because you can always manipulate the script manually in the tcl file until it works then just replace the line breaks with semi colons manually.

Test your flow, so far this part should be able to create new Tcl files based on different expect scripts, and output the created file name.

Now, let us get started with calling the the actual command which will do the magic. Right click the folder “1.Execult Tcl File” in your Runbook Designer and create a new flow named “Execute Tcl File”.

And that’s it for this runbook. Now create the main runbook in the “Run SSH Command (Tcl)” folder, and drag a couple of “Invoke Runbook” activities. It should looks something like this:

Conclusion

There are many alternative and many ways to go to accomplish the same thing, let me list some examples here:

You could use OpenSSH or PuTTY as your SSH Client.

You could use ActiveTcl or DejaGNU as your Tcl for the “Expect for Windows” functionality

You could disregard ActiveTcl completely and perform the “Expect” activity on the Unix/Linux box. Expect for Unix is much more advanced and accurate that Expect for Windows.
For example if you are running ubuntu, run the following two commands to get “Expect for Unix”

sudo apt-get install expect
sudo apt-get install expect-dev

This will also install “Autoexpect” for you, which a tool that will generate an expect script for you for any given script.

You can always use the same technique for telnet, cmd batch scripts, whatever you can think of… Tcl is a very powerful language.

Sources

You can check these great sources for more info regarding this subject: